Integrating LDAP into uPortal

Many institutions keep user and group information outside the portal's control, in one or more directory services such as an LDAP server. Configuring uPortal to use an LDAP server is a multi-step process that involves editing several properties files. The properties files can be found in the properties subdirectory under the uPortal build directory (for example, uPortal_rel-2-5-1/properties).

  1. Configure security.properties
    Edit the security.properties file. Find the following line:
    root=org.jasig.portal.security.provider.SimpleSecurityContextFactory

    Comment this line out and add the following line:
    root=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

  2. Configure ldap.properties
    Edit the ldap.properties file. You will need to configure this file to match your LDAP server.
    Change the ldap.host value, for example:
    ldap.host=ldap.cornell.edu

    Change the port number if necessary.
    Change the ldap.baseDN value, for example:
    ldap.baseDN=o=Cornell University,c=US

    Change the uid attribute if necessary.
    ldap.uidAttribute=netid

    You may also need to add values for ldap.managerDN and ldap.managerPW if your server does not allow anonymous binds.
  3. Configure PersonDirs.xml
    Edit the PersonDirs.xml file. You will need to configure this file to match your LDAP server, just as you did for the ldap.properties file. Find the section with the LDAP properties heading. Uncomment the section and modify it as appropriate for your LDAP server. For example:
    <url>ldap://ldap.cornell.edu:389/o=Cornell University,c=US</url>
    <logonid></logonid>
    <logonpassword></logonpassword>
    <uidquery>(cn={0})</uidquery>
    <usercontext></usercontext>

    Find the section for configuring JDBC and comment out that section.
    Change the attribute values as necessary.
  4. Restart the application.
    Type ant deploy from the build directory and then restart your servlet container.

Authentication from multiple sources

Even if uPortal is configured to use LDAP for primary authentication, it can also be configured so that authentication can occur against either the LDAP directory or the uPortal database.

Edit the security.properties file. In this case, you need to use the UnionSecurityContextFactory by setting the properties as follows:

root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
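
A pre-deployment consistency check for the three files edited above, as an added example that is not part of uPortal or the original page. The function names and finding codes are hypothetical, `ldap.port` is an assumed key name for the port setting, and the sample input is constructed from the page's example values.

```python
import re
from urllib.parse import urlsplit, unquote

def parse_properties(text):
    """Parse Java .properties text: key=value lines, '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_ldap_setup(security_text, ldap_text, persondirs_text):
    """Return finding codes for the three files edited in the steps above."""
    sec, ldap = parse_properties(security_text), parse_properties(ldap_text)
    findings = []
    # Class names of every active root / root.* security context factory.
    factories = {v.rsplit(".", 1)[-1] for k, v in sec.items()
                 if k.split(".")[0] == "root"}
    if "SimpleLdapSecurityContextFactory" not in factories:
        findings.append("ldap-factory-not-enabled")
    if "SimpleSecurityContextFactory" in factories:
        findings.append("local-db-passwords-still-accepted")
    match = re.search(r"<url>(.*?)</url>", persondirs_text, re.S)
    if not match:
        return findings + ["persondirs-url-missing"]
    url = urlsplit(match.group(1).strip())
    default_port = 636 if url.scheme == "ldaps" else 389
    if url.hostname != ldap.get("ldap.host", "").lower():
        findings.append("host-mismatch")
    # "ldap.port" is an assumed key name; the page only says "the port number".
    if (url.port or default_port) != int(ldap.get("ldap.port") or default_port):
        findings.append("port-mismatch")
    if unquote(url.path.lstrip("/")) != ldap.get("ldap.baseDN", ""):
        findings.append("basedn-mismatch")
    if url.scheme != "ldaps":
        findings.append("ldap-url-without-tls")
    # A manager DN without a password (or the reverse) cannot bind.
    if bool(ldap.get("ldap.managerDN")) != bool(ldap.get("ldap.managerPW")):
        findings.append("incomplete-manager-credentials")
    return findings

# Constructed sample input, built from the example values on this page.
SECURITY = "root=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory"
LDAP = "ldap.host=ldap.cornell.edu\nldap.baseDN=o=Cornell University,c=US\n"
PERSONDIRS = "<url>ldap://ldap.cornell.edu:389/o=Cornell University,c=US</url>"
if __name__ == "__main__":
    print(check_ldap_setup(SECURITY, LDAP, PERSONDIRS))
```

Run against the union configuration shown above, the check reports `local-db-passwords-still-accepted`, a reminder that accounts in the uPortal database remain valid logins alongside LDAP.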